nixosTests.minidlna: fix by performing requests by IP

a little ugly, but minidlna now checks requests Host: header and only accepts requests using an IPv4 address to avoid DNS-rebinding attacks.
2022-03-06 13:08:19 +00:00 · 2022-03-06 13:08:19 +00:00 · 97572a798c
commit 97572a798c
parent d5633c504f
1 changed files with 4 additions and 2 deletions
--- a/nixos/tests/minidlna.nix
+++ b/nixos/tests/minidlna.nix
@ -33,7 +33,9 @@ import ./make-test-python.nix ({ pkgs, ... }: {
    server.succeed("mkdir -p /tmp/stuff && chown minidlna: /tmp/stuff")
    server.wait_for_unit("minidlna")
    server.wait_for_open_port("8200")
-    server.succeed("curl --fail http://localhost:8200/")
-    client.succeed("curl --fail http://server:8200/")
+    # requests must be made *by IP* to avoid triggering minidlna's
+    # DNS-rebinding protection
+    server.succeed("curl --fail http://$(getent ahostsv4 localhost | head -n1 | cut -f 1 -d ' '):8200/")
+    client.succeed("curl --fail http://$(getent ahostsv4 server | head -n1 | cut -f 1 -d ' '):8200/")
  '';
 })